Cloud Center for Hybrid Cloud

Josip Zimet CCIE 5688 Cisco

Multitenant multivendor across bare metal, virtual and container private and public cloud

Cloud Center VMs=house Apartments=containers

Nova/cinder/Neutron NSX/ACI/Contiv

EC2/S3/EBS/VPC/Sec Groups

The – blue pill, red pill

http://www.cliqr.com/partners/

http://www.cliqr.com

25+ Cloud supported

CliQr can manage applications running on any Cisco’s Unified Computing System with support for Cisco UCS Director.

CliQr can launch applications in Microsoft Azure’s many data centers.

CliQr can launch workloads on Amazon Web Services data center in any region as well as support for their Relational Database Service and Elastic Load Balancing.

CliQr supports deployment to AWS GovCloud (US), an isolated AWS Region designed for US government agencies and customers to move sensitive workloads to the cloud.

Deploy in the physical and logical network-isolated instance of Azure dedicated for US government use.

CloudStack version 3.x or later is supported as a target cloud by CliQr.

Deploy and manage in a Compute Cell in multiple cloud environments.

All of the Rackspace OpenStack Havana-based offerings are supported by CliQr.

CloudCenter supports Windows Azure Pack, which brings Microsoft Azure technologies to private data centers.

Cloud N data centers in both the US and Japan are manageable by CliQr.

Get “one click” deployment and management in the IBM public cloud including bare metal provisioning.

CliQr can launch workloads on the Mirantis Private-Cloud-as-a-Service.

CliQr can run workloads on Dimension Data’s Public Compute-as-a-Service portfolio.

In addition to managing VMware-based private clouds, CliQr also supports their vCloud Air offering.

CliQr is a sponsor of OpenStack and can deploy workloads on Havana-based installations.

In addition to managing workloads on Google Cloud Platform virtual machines, CliQr also supports Google Cloud SQL.

Both vSphere and vCloud Director targets are supported.

CliQr supports RedHat's distribution of OpenStack.

Deploy as Hybrid

Deploy Database @ Deploy Load Balancer Deploy Apache @ DC1 @ DC1 DC2

Add External Network to Load Add External Network to Database Balancer Dev  QAStageProd

World-Class Results

DevOps and Continuous Delivery: New product release cycle reduced from 16 to 12 months. Support shift from Waterfall to Agile Development.

IT-as-a-Service with Governance: Was - 127 step process that touched 5 different teams. Now – One Click with 3 minute wait in ACI environment.

Migrate and Manage: Brought AWS workloads back to UCS Director managed Private Cloud.

Dynamic Capacity Augmentation: Spin up 400 servers on demand to reduce simulation time from 14 days to 5 hours. Now pay only $62 per run.

Could UCSD+CliQr do OpenStack and VMW and MS and Containers and ACI and multivendor infrastructure?

External Contract 1 2

EPG’s Broad Multi-Vendor Infrastructure Support UCS Director

Converged VM L4-L7 Compute Network Storage

vASA, Nexus CSR1000v MDS

* Partner provided rollback

Could UCSD do OpenStack and VMW and ACI?

OpenStack manually, ACI automatically

OpenStack and ACI automatically

https://www.youtube.com/watch?v=hz7zwd98rn4

No Web-1 No Web-2 No App-1 No DB-1 No DB-2 No DB-3 No App-2 No DB-3

Click & Drill Down

Data Scientist out of the box

https://www.youtube.com/watch?v=a5FddThT6vc

Search 1.5 Bil Flows

Over a Range of 4 Months

And response in 55 ms

App Is Slow

Show me latency distributions

Majority are “ms” and the one in “s”

Look for process distribution, drill down into it and see which processes are generating such latency

Drill-Down into “python” Process

Filter Flows

Shift in Time

Expand on It

App Latency Net Latency Process Reply of all flows across 25 dimension Turn on or off dimension

Show me outliers

Visual Query

Web Platform talking to non production DB

Partners Labs And production DB

120 servers with agents recommended 4 clusters or EPG

Tetration Analytics - Policy Compliance

15 digits for Freedom/Shadow IT Cisco eStore – What we will have in the store IT Infrastructure & Software & Apps Devices Collaboration Software Network Platform Services

Laptops & Email & Instant Messaging Desktop Corporate CITEIS Application & Web Desktops Calendaring Software Network Services

Smartphones & Tablets WebEx Social Web Mobile Home & Remote Datacenter Datacenter Conferencing Apps Access Computing Network

IP Phones Telepresence & Video - Live & WebEx Social Partner Database Hosting & Strategic & Voice Video Conferencing On-Demand Apps Connection (Extranet) ERP Innovation & Product Validation

Printers Content Web Applications Management & Accounts NSO Cisco Prime Service Catalog E M

Mail Server

Legacy Network Cisco Process Orchestrator Devices

Service Request/ Ticketing System

Cisco Prime Infrastructure

Analytics Engines W W W Hadoop Oracle CloudCenter Database(s) CI/CD UCSD CMDB Git UCSM Web Servers Jenkins Digital Signage Repo DNS/DHCP

Tenant “compute” 0

EPG 0

0 3 nodes running

Set forwarding mode to ACI with VLAN range

Create tenant compute

Learn different tenant

Create contracts “vmHTTPprovide” and “vmHTTPconsume” for vm to the PODs

Create network “podnet”

default gateway “100.100.100.254” subnet “100.100.0/24” encapsulation “VLAN”

Tenant “Compute”

Create group or POD “App” network “podnet” tenant “compute”

External contracts created for tenant

Create group or POD “DB” without contracts

Spinning PODs living within kubernetes environment

App1 yaml file or pod spec

Providing labels or metadata as part of pod definitions

tenant “compute” network “podnet” created using contiv

epg “app” : App1 pod needs to be part of “app” end point group

From App1 (100.100.100.1) ping App2 (100.100.100.2) and ping DB (100.100.100.3) and external VM (101.101.101.101)

3 POD up and running

From db1 (100.100.100.3) ping App1 (100.100.100.1)

0 packets received

3 packets received

vi docker-compose.yml

Web exposed on port 5000

Extracting policy information from image that developer built

Instantiating labels and policy associated with it

Launch the composition of application that you can launch in Docker swarm cluster

https://www.youtube.com/watch?v=dkQhjKL1xfo

https://www.youtube.com/watch?v=8IiPOlmxXz4

https://www.youtube.com/watch?v=25OZHQ_t3nY

https://www.youtube.com/watch?v=uE7cXUYZ_08

• Whitelist and micro segmentation

• AWS implements “assured security model” - AWS is responsible for security of infrastructure and physical location of data center. Users and consumers are responsible for security policy wrapped around application.

• Security group used for white list policy model or access list – required every time you configure an Amazon compute instance that you assign the appropriate security group

• Ex : Wordpress + load balancing + database cluster + proxy + caching

Compute with default security group

Default security group DB HA Proxy

Access DB via Ping and curl

Run Script and add security Compute with default security group Compute assigned to new security groups

Added security group

Selected Security Group

Default security group

Ping Stops

Curl doesn’t work

Login to mysql works